gnu: openssl: Replace with 1.0.2g [fixes CVE-2016-{0800,0705,0798,0797,0799,0702,0703,0704}].

See <http://openssl.org/news/secadv/20160301.txt>. Also fixes <http://bugs.gnu.org/22831>. * gnu/packages/patches/openssl-c-rehash-in.patch: New file. * gnu/packages/tls.scm (openssl)[replacement]: New field. (openssl-1.0.2g): New variable.
2025-07-17 04:20:44 +02:00 · 2016-03-01 15:57:37 +01:00 · 2016-03-01 15:57:37 +01:00 · caeadfddb0
commit caeadfddb0
parent c22a1324e6
3 changed files with 40 additions and 1 deletions
--- a/gnu/packages/patches/openssl-c-rehash-in.patch
+++ b/gnu/packages/patches/openssl-c-rehash-in.patch
@ -0,0 +1,17 @@
+This patch removes the explicit reference to the 'perl' binary,
+such that OpenSSL does not retain a reference to Perl.
+
+The 'c_rehash' program is seldom used, but it is used nonetheless
+to create symbolic links to certificates, for instance in the 'nss-certs'
+package.
+
+--- openssl-1.0.2g/tools/c_rehash.in	2015-09-09 18:36:07.313316482 +0200
+++ openssl-1.0.2g/tools/c_rehash.in	2015-09-09 18:36:28.965458458 +0200
+@@ -1,4 +1,6 @@
+-#!/usr/local/bin/perl
+eval '(exit $?0)' && eval 'exec perl -wS "$0" ${1+"$@"}'
+  & eval 'exec perl -wS "$0" $argv:q'
+    if 0;
+ 
+ # Perl c_rehash script, scan all files in a directory
+ # and add symbolic links to their hash values.